The system software automatically generates a key set
and certificate for the Control Station when the system is installed or
upgraded. The Control Station uses this key set and certificate to sign
certificate requests from Data Movers. However, before the Control Station can
successfully operate as a CA and be recognized by a Data Mover as such, you
must complete several configuration tasks:
Distribute the Control Station CA certificate to network
clients. In order for a network client to validate a certificate sent by a Data
Mover that has been signed by the Control Station, the client needs the public
key from the CA certificate to verify the Data Mover certificate’s signature.
Import
the CA certificate (with the CA certificates from external CAs).
A copy of the Control Station certificate can be
obtained only by using the CLI. If the Control Station key set and certificate
are compromised, you can regenerate them. This task can be accomplished only
through a CLI command. After regenerating the Control Station key set and
certificate, you have to regenerate a new key set and certificate request, and
then import the signed certificate for any personas whose certificates are
signed by the Control Station.
NOTE:The Control Station continues to generate a
separate key set for the SSL-based connection between the Apache web server (on
behalf of Unisphere) and a user’s web browser. However, the Control Station now
uses the CA key set to sign the Apache web server’s certificate, meaning the
certificate is no longer self-signed.
Installing Management Applications on VNX for
File describes how to manage certificates for Unisphere.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\